Information transfer in a public infrastructure is subject to possible interception, interpretation by third parties, or other maladies not desired by the intended parties of the transfer. Many methods have therefore been developed to create secured relationships that ensure privacy of the communication, integrity of the message, access to information for only restricted parties and authenticity of the sender, as well as other features of private information and communication. Exemplary methods are Virtual Private Networks (VPNs), Secure Sockets Layer (SSL, see Secure Socket Layer Protocol, Version 3.0, November 1996), encryption, digital certificates and various other methods of protecting information access or transfer.
VPNs were developed to create a network within a shared infrastructure, or public network, that provides privacy without the necessity of a physically separate network. SSL provides a session-based encryption and authentication by a secure pipe between two parties, notably a client and a server, and SSL can prevent eavesdropping, tampering, and message forgery in client-server applications. Encryption, either with a secret key or with the public key infrastructure (PKI), provides a method of converting data into an encrypted form called ciphertext so that only parties with a key to unlock the information may be readily able to view it. Some of the numerous other secure relationships include Internet Protocol Security (IPsec), and secure e-mail, including Secure Multipurpose Mail Extensions (S/MIME) and Pretty Good Privacy (PGP), among others.
A problem related to each of these types of information protection methods, or tools, is that in order to establish them over a public network, there must be an initial exchange of agents such as keys, tools, or codes. Unintended parties may therefore acquire these agents and have access to subsequent information intended to be private or be able to create the information and pose as another entity. Therefore establishment of secured relationships is a critical part in their overall effectiveness.
Digital certificates are an integral part of establishment of secured relationships. Digital certificates are basically security attachments to electronic messages. Digital certificates are often used to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. Digital certificates therefore provide a service that insures security in the actual distribution of secured relationship agents.
A problem with digital certificates is how to securely obtain them. To ensure proper security and the integrity of the digital certificate, their procurement is often time consuming or otherwise complex. Certificate Authorities (CA) manage distribution of digital certificates and often act as trusted third parties. A problem with CA's is that before a certificate can be created and distributed, third party trust must be established by some reasonably secure channel. Therefore, although a digital certificate provides authentication, the establishment of the digital certificate is subject to the same authentication problems that it is designed to solve.